On Fri, May 6, 2011 at 12:13, Brian <ad44@cityscape.co.uk> wrote:
>> You could run Debian Live on a USB stick (or any other live distro,
>> really). Boot your work machine with that, and you will have a trusted
>> machine. Use that to ssh to your home machine.
>
> I suppose this 'trusted machine' doesn't have a key logger on it?
>
Check the keyboard cable, good idea. Only a hardware keylogger would
be an attack vector once the machine is booted from removable media. A
key would help here, as it is not typed in anyway.
>> And follow the advice that others have already given you. Specifically,
>> disallow password authentication. That is a biggie. Even if you have a
>> strong password, others on your home machine may not. As already said,
>> you can use AllowUsers in sshd_config to allow only specific users to
>> have ssh access.
>
> A strong password is no less secure in brute force terms than a key so
> there is no reason to disallow it on those grounds. You can also be sure
> you have never left it at home or elsewhere.
>
A strong password can be keylogged, a key cannot.
--
Dotan Cohen
http://gibberish.co.ilhttp://what-is-what.com